tequilaOS/platform_system_sepolicy

Author	SHA1	Message	Date
Jin Jeong	99324e0d2f	Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..."" into udc-dev am: `7b646790c5` am: `f95904e9a7` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201116 Change-Id: I47923ed8c0650149ffea42838861851eba5292b6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 02:30:02 +00:00
Jin Jeong	63c2056f81	Merge "Revert "Fix selinux denial for setupwizard_esim_prop"" into udc-dev am: `a93b7daef3` am: `93252e4871` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23167567 Change-Id: I6bc3151e88da2fdb1c1fa203390f96691734c1b5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 02:29:56 +00:00
Jin Jeong	f95904e9a7	Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..."" into udc-dev am: `7b646790c5` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201116 Change-Id: I0a6bb0acf6dcaeba93658630c6bf53892650ee51 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 01:47:07 +00:00
Jin Jeong	93252e4871	Merge "Revert "Fix selinux denial for setupwizard_esim_prop"" into udc-dev am: `a93b7daef3` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23167567 Change-Id: I04f844254e44c6262d9651554d44bd8c464e0482 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 01:47:01 +00:00
Jin Jeong	ae80e8cffa	Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..."" into udc-dev am: `7b646790c5` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201116 Change-Id: I272af89efc194c111a0cb0c3955e2e37ff82b763 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 01:42:43 +00:00
Jin Jeong	cec9a99b28	Merge "Revert "Fix selinux denial for setupwizard_esim_prop"" into udc-dev am: `a93b7daef3` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23167567 Change-Id: Ia1cc228b66bea6510ca4b649fa9d4c1adfa0900f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-24 01:42:35 +00:00
Jin Jeong	7b646790c5	Merge "Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..."" into udc-dev	2023-05-24 01:07:12 +00:00
Jin Jeong	a93b7daef3	Merge "Revert "Fix selinux denial for setupwizard_esim_prop"" into udc-dev	2023-05-24 01:07:12 +00:00
Anoush Khazeni	ad40691149	Merge "Adding a property entry for the assistant volume." into udc-dev am: `1e1a425a9b` am: `38b5b0804b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23214185 Change-Id: I87eccc8ddc7f8ed46991b4159fdf658c06073118 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-22 19:24:33 +00:00
Anoush Khazeni	38b5b0804b	Merge "Adding a property entry for the assistant volume." into udc-dev am: `1e1a425a9b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23214185 Change-Id: I42a23d2afa814d8ddbe331b433084c0f9eafb204 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-22 19:03:15 +00:00
Anoush Khazeni	15875fa311	Merge "Adding a property entry for the assistant volume." into udc-dev am: `1e1a425a9b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23214185 Change-Id: Ib3a830112f4b6cdd2c3e346443bbdf0fdf324699 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-22 19:00:54 +00:00
Anoush Khazeni	1e1a425a9b	Merge "Adding a property entry for the assistant volume." into udc-dev	2023-05-22 18:58:43 +00:00
Gavin Corkery	97fc74e8c6	Sync API 34 prebuilts Ignore-AOSP-First: Cherrypick Test: Manual Bug: 281843854 Change-Id: I73f79b6566ed3e3d8491db6bed011047d5a650ce Merged-In: I73f79b6566ed3e3d8491db6bed011047d5a650ce	2023-05-22 12:09:36 +00:00
Suren Baghdasaryan	248cb36db3	allow modprobe to load modules from /system/lib/modules/ am: `8a6f45d363` am: `67036eb3a7` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23351624 Change-Id: Iedae70c32829c4c7c6de67ea63dc524b2b073a7c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-22 03:51:09 +00:00
Suren Baghdasaryan	67036eb3a7	allow modprobe to load modules from /system/lib/modules/ am: `8a6f45d363` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23351624 Change-Id: I280596a0a0f68e7ef7befd51b5be32527c9c54c0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-22 02:56:58 +00:00
Suren Baghdasaryan	8a6f45d363	allow modprobe to load modules from /system/lib/modules/ This is needed to load GKI leaf modules like zram.ko. Bug: 279227085 Signed-off-by: Suren Baghdasaryan <surenb@google.com> Change-Id: I8a8205e50aa00686f478aba5336299e03490bbb5 Merged-In: I8a8205e50aa00686f478aba5336299e03490bbb5	2023-05-19 19:03:17 +00:00
Peiyong Lin	ccfc06a30d	Merge "Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver"" into udc-dev am: `8fde7b737b` am: `a1ff69b2f0` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23338256 Change-Id: Ia10647e6bfdd632c0cb96ea1891a7e78e32e04a4 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-19 11:24:10 +00:00
Peiyong Lin	a1ff69b2f0	Merge "Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver"" into udc-dev am: `8fde7b737b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23338256 Change-Id: I4dfa3097b465226fb09113fb69783f76e0a2ee62 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-19 10:41:54 +00:00
Peiyong Lin	505ddee411	Merge "Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver"" into udc-dev am: `8fde7b737b` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23338256 Change-Id: I55dc1f86af4d3d05a2910288a77ee08aff1dde05 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-19 10:37:43 +00:00
Peiyong Lin	8fde7b737b	Merge "Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver"" into udc-dev	2023-05-19 09:57:00 +00:00
Peiyong Lin	98ec998136	Revert "Add "ro.hardware.egl_legacy" for ANGLE system driver" This reverts commit `92251f5d15`. Reason for revert: Remove deferred list functionality now that the shape of ANGLE shipping form is binaries. Applications on the list are broken with ANGLE due to the lack of YUV support, this is currently being worked on. Ignore-AOSP-First: Cherry-pick revert. Bug: 280450222 Change-Id: Ied92e6f482fe77e045139b4b0531b1db1a7ffb13 Test: atest CtsAngleIntegrationHostTestCases	2023-05-19 00:41:17 +00:00
Gavin Corkery	44ef0774ea	Merge "Allow apps and SDK sandbox to access each others' open FDs" into udc-dev am: `0461233b7a` am: `3438cb6403` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23208520 Change-Id: Ia6fc96b327eff0736b4cdad8d1a9f04a99832a14 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-18 09:07:47 +00:00
Gavin Corkery	3438cb6403	Merge "Allow apps and SDK sandbox to access each others' open FDs" into udc-dev am: `0461233b7a` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23208520 Change-Id: I043ff1c38dc14b2ebc93ee7bfd5905c128d32509 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-18 08:26:18 +00:00
Gavin Corkery	0461233b7a	Merge "Allow apps and SDK sandbox to access each others' open FDs" into udc-dev	2023-05-18 07:51:32 +00:00
Anoush Khazeni	87da0af704	Adding a property entry for the assistant volume. Ignore-AOSP-First: confidential feature Adding a system property to be read by AudioService to override the minimum volume setting for the assistant stream. Bug: 277829235 Test: Build only Change-Id: I08c500c0a3bb040559ca99d1817b7b848deee8c6	2023-05-17 11:44:26 -07:00
Gavin Corkery	a707712813	Allow apps and SDK sandbox to access each others' open FDs An app may wish to pass an open FD for the SDK sandbox to consume, and vice versa. Neither party will be permitted to write to the other's open FD. Ignore-AOSP-First: Cherrypick Test: Manual Bug: 281843854 Change-Id: I73f79b6566ed3e3d8491db6bed011047d5a650ce Merged-In: I73f79b6566ed3e3d8491db6bed011047d5a650ce	2023-05-17 14:28:40 +00:00
Treehugger Robot	49e5ad5cbf	Merge "Add canary restrictions for sdk_sandbox" into udc-dev am: `9b7ea76a8d` am: `5bc4d481f2` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23153643 Change-Id: Ic91ca234bd0001295465f2347b9dc9310cdb47a5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-13 00:47:18 +00:00
Treehugger Robot	5bc4d481f2	Merge "Add canary restrictions for sdk_sandbox" into udc-dev am: `9b7ea76a8d` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23153643 Change-Id: I9eccd1a4e90831ce2306e15bd7b132cf368fe620 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-13 00:04:15 +00:00
Mugdha Lakhani	d44c51e017	Add canary restrictions for sdk_sandbox Add sdk_sandbox_next and apply it if a new input selector, isSdkSandboxNext, is applied. This is set to true by libselinux if a flag is set in the seInfo passed to it. This enables some testers to test out the set of restrictions we're planning for the next SDK version. sdk_sandbox_next is not the final set of restrictions of the next SDK version. Bug: b/270148964 Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest SdkSandboxRestrictionsTest Change-Id: Ie8bad9c1b8f8eb032d13e1822689c78ad3d2c68a Merged-In: Ie8bad9c1b8f8eb032d13e1822689c78ad3d2c68a	2023-05-12 20:06:31 +00:00
Mugdha Lakhani	0dde99d720	Add canary restrictions for sdk_sandbox Add sdk_sandbox_next and apply it if a new input selector, isSdkSandboxNext, is applied. This is set to true by libselinux if a flag is set in the seInfo passed to it. This enables some testers to test out the set of restrictions we're planning for the next SDK version. sdk_sandbox_next is not the final set of restrictions of the next SDK version. Bug: b/270148964 Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest SdkSandboxRestrictionsTest Change-Id: Ie8bad9c1b8f8eb032d13e1822689c78ad3d2c68a Merged-In: Ie8bad9c1b8f8eb032d13e1822689c78ad3d2c68a	2023-05-12 19:05:34 +00:00
Treehugger Robot	4069aa56ef	Merge "Grant system_server the permission to create its own profile." into udc-dev am: `62037d3f93` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201106 Change-Id: Ib54115b1e04cc4342d5c57886c7e220404f9d85b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 11:57:21 +00:00
Treehugger Robot	adac570c2d	Merge "Grant system_server the permission to create its own profile." into udc-dev am: `62037d3f93` am: `23b4d83e79` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201106 Change-Id: Icaf1a59866d1e6332852f9885bcb1dad59ec80ac Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 11:41:14 +00:00
Martin Stjernholm	693eb182d0	Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev am: `4f2b8ce361` am: `f82b6d2c1c` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23131204 Change-Id: Ia96628706fd7361d18ab6db209b584a2538e651b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 11:40:47 +00:00
Treehugger Robot	23b4d83e79	Merge "Grant system_server the permission to create its own profile." into udc-dev am: `62037d3f93` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23201106 Change-Id: Ie3782edae7942fadf78814e784bf72fd570ca2d0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 11:19:44 +00:00
Treehugger Robot	62037d3f93	Merge "Grant system_server the permission to create its own profile." into udc-dev	2023-05-12 11:11:03 +00:00
Martin Stjernholm	f82b6d2c1c	Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev am: `4f2b8ce361` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23131204 Change-Id: If7f7a7b10eddf86c6a7501c00263cfe9a4dd011c Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 10:58:26 +00:00
Martin Stjernholm	5557ec5583	Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev am: `4f2b8ce361` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23131204 Change-Id: Idb0edb8c39f038d7d21e8c1c41c486d0b34a5e99 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-12 10:54:04 +00:00
Martin Stjernholm	4f2b8ce361	Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev	2023-05-12 10:28:21 +00:00
Jiakai Zhang	bdfc175e1e	Grant system_server the permission to create its own profile. When ART Service is enabled, the runtime uses a different strategy to write profiles: it first creates a temp profile file, and then moves it to the final location, instead of mutating the file in place. This new strategy requires the permission to create files. While apps have this permission, unfortunately, system_server didn't. This CL fixes this problem. Bug: 282019264 Test: - 1. Enable boot image profiling (https://source.android.com/docs/core/runtime/boot-image-profiles#configuring-devices) 2. Snapshot the boot image profile (adb shell pm snapshot-profile android) 3. Dump the boot image profile (adb shell profman --dump-only --profile-file=/data/misc/profman/android.prof) 4. See profile data for services.jar Ignore-AOSP-First: This change requires updating the 34.0 prebuilt, which doesn't exist on AOSP. Will cherry-pick to AOSP later. Change-Id: Ie24a51f2d40d752164ce14725f122c73432d50c9	2023-05-12 10:51:38 +01:00
Jin Jeong	9627dc5c78	Revert "Fix selinux denial for setupwizard_esim_prop" Revert submission 22955599-euicc_selinux_fix2 Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Reverted changes: /q/submissionid:22955599-euicc_selinux_fix2 Change-Id: I00cac36ac2f2a23d02c99b9ad9df57061d1ae61c	2023-05-12 04:18:33 +00:00
Jin Jeong	ec4fe33a6a	Revert "Add setupwizard_esim_prop to access ro.setupwizard.esim_..." Revert submission 22899490-euicc_selinux_fix Reason for revert: b/279988311 we rename the vendor.modem property so we don't need to add the new rules Reverted changes: /q/submissionid:22899490-euicc_selinux_fix Change-Id: I0c2bfe55987949ad52f62e468c84df954f39a4ad	2023-05-12 04:17:35 +00:00
Treehugger Robot	740bba657c	Merge "Allow camera service to access "ro.camera.disableJpegR" property" into udc-dev am: `1d32d9af19` am: `5fa5ae78d2` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23148868 Change-Id: I02ca17e1a5a127d6af49a5ef98b4eeac6166a0d0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-11 19:07:25 +00:00
Treehugger Robot	5b5bd68861	Merge "Allow camera service to access "ro.camera.disableJpegR" property" into udc-dev am: `1d32d9af19` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23148868 Change-Id: Ic37531e3493098a6d935eb27aef6a4d50591177b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-11 18:44:07 +00:00
Treehugger Robot	5fa5ae78d2	Merge "Allow camera service to access "ro.camera.disableJpegR" property" into udc-dev am: `1d32d9af19` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23148868 Change-Id: I4cbc1cc0319b022f0eb6710e2c3e9c3865b2191d Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-11 18:42:05 +00:00
Treehugger Robot	1d32d9af19	Merge "Allow camera service to access "ro.camera.disableJpegR" property" into udc-dev	2023-05-11 18:12:35 +00:00
Mugdha Lakhani	1a87c7750d	Merge "Create sdk_sandbox_all." into udc-dev am: `f21942129a` am: `47899e2afb` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061001 Change-Id: I338b999f90b6b873288c2ed905e28a2ef10fa134 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-11 15:29:28 +00:00
Mugdha Lakhani	47899e2afb	Merge "Create sdk_sandbox_all." into udc-dev am: `f21942129a` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061001 Change-Id: Ib2ad91d15d7a5ceb79729a6a4bef2a13aa0286f2 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-11 14:47:54 +00:00
Martin Stjernholm	3d7093fd7b	Allow the ART boot oneshot service to configure ART config properties. Test: See commit 2691baf9d4f8086902d46b2e340a6e5464857b90 in art/ (ag/23125728) Bug: 281850017 Ignore-AOSP-First: Will cherry-pick to AOSP later Change-Id: I14baf55d07ad559294bd3b7d9562230e78201d25	2023-05-11 13:38:57 +01:00
Emilian Peev	9e505e2ee7	Allow camera service to access "ro.camera.disableJpegR" property Additionally enable access to 'ro.camera.enableCompositeAPI0JpegR' Ignore-AOSP-First: Cherrypick Bug: 262265296 Test: Manual using adb shell dumpsys media.camera with property enabled and disabled Change-Id: I8ae75d06eb7f2a5fff03fb9f8ffda94079f287e7	2023-05-10 16:44:19 -07:00
Mugdha Lakhani	9304b8a6cc	Create sdk_sandbox_all. Rename sdk_sandbox to sdk_sandbox_34. Additionally, Extract out parts of sdk_sandbox_34 to sdk_sandbox_all.te that will be shared with all sdk_sandbox domains. Bug: b/270148964 Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest SdkSandboxRestrictionsTest Change-Id: I36e0c8795148de83c81dfe12559452812aa2b25e Merged-In: I36e0c8795148de83c81dfe12559452812aa2b25e	2023-05-10 17:54:07 +00:00
Treehugger Robot	9515104698	Merge "Relax sdk sandbox sepolicy." into udc-dev am: `2079ab2f28` am: `c76e2b4b91` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061000 Change-Id: I91e80cb857886bdb37604ae5b615736e70c9d2f0 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-10 11:28:04 +00:00
Treehugger Robot	c76e2b4b91	Merge "Relax sdk sandbox sepolicy." into udc-dev am: `2079ab2f28` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23061000 Change-Id: I4377e8617fd1e9d97a0b28f88536ace2b9a4b12b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-10 10:47:16 +00:00
Treehugger Robot	2079ab2f28	Merge "Relax sdk sandbox sepolicy." into udc-dev	2023-05-10 09:51:25 +00:00
Gavin Corkery	5e22766f47	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: `fefe81b685` am: `868227b663` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719 Change-Id: I14bb602b1de39f74034026ae190c6df84920af7b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-09 16:57:39 +00:00
Gavin Corkery	868227b663	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: `fefe81b685` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719 Change-Id: Ia024858f4192ebeccfe6b86b16aafa19cd31b6ad Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-09 16:18:25 +00:00
Gavin Corkery	28db930df3	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev am: `fefe81b685` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21931719 Change-Id: I057951e491c883dfd3beb784d76a920246f349ae Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-09 16:13:54 +00:00
Gavin Corkery	fefe81b685	Merge "Allow mediaprovider and mediaserver to read sdk_sandbox_data_file" into udc-dev	2023-05-09 15:41:32 +00:00
Gavin Corkery	10417857ea	Allow mediaprovider and mediaserver to read sdk_sandbox_data_file Context: go/videoview-local-sandbox. This change is required to play local files in a VideoView in the SDK sandbox. Ignore-AOSP-First: Cherrypick Test: Manual steps described in doc Bug: 266592086 Change-Id: I940609d5dff4fc73d0376489646488c7b96eebb8	2023-05-09 13:10:01 +00:00
Peiyong Lin	3f1f851297	Allow graphics_config_writable_prop to be modified. vendor_init needs to set graphics_config_writable_prop, moving it to system_public_prop. Ignore-AOSP-First: Cherry-pick Bug: b/270994705 Test: atest CtsAngleIntegrationHostTestCases Test: m && boot Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07 (cherry picked from commit `194abd16cb`)	2023-05-08 00:25:29 +00:00
Mugdha Lakhani	30cf7bbf28	Relax sdk sandbox sepolicy. auditallow block from sdk_sandbox has been removed as we haven't yet measured the system health impact of adding this. It'll be added to an audit domain later after we've ruled out negative system health impact. Bug: b/270148964 Test: atest PackageManagerLocalTest SdkSandboxDataIsolationHostTest SdkSandboxRestrictionsTest Change-Id: Ic4ce690e82b09ed176495f3b55be6069ffc074ac Merged-In: Ic4ce690e82b09ed176495f3b55be6069ffc074ac	2023-05-06 19:25:40 +00:00
Peiyong Lin	bceecf2bd0	Merge "Allow graphics_config_writable_prop to be modified." into udc-dev am: `82e2aa6c61` am: `747e54326e` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22993902 Change-Id: Ibf257e1ffbcbb0ae1df14ce7c2393138999a8145 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-05 17:07:17 +00:00
Peiyong Lin	747e54326e	Merge "Allow graphics_config_writable_prop to be modified." into udc-dev am: `82e2aa6c61` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22993902 Change-Id: I0546c4468dfbfb017c3c288c83883f99e5cb8c7b Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-05 16:54:26 +00:00
Peiyong Lin	82e2aa6c61	Merge "Allow graphics_config_writable_prop to be modified." into udc-dev	2023-05-05 16:24:26 +00:00
Treehugger Robot	568be11492	Merge "Add neverallow rules to protect SDK's private data" into udc-dev am: `b7146a9e58` am: `e114c652a0` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22907484 Change-Id: I3c16dfe139609be098ebc781aecc8dbe332bafdf Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-05 16:03:38 +00:00
Treehugger Robot	e114c652a0	Merge "Add neverallow rules to protect SDK's private data" into udc-dev am: `b7146a9e58` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22907484 Change-Id: I245c4c12dff2028abfe1c7a3002c3a3b5e7b4e47 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-05 15:22:00 +00:00
Treehugger Robot	b7146a9e58	Merge "Add neverallow rules to protect SDK's private data" into udc-dev	2023-05-05 14:38:12 +00:00
Howard Chen	f0de156722	Merge "Allow gsid to create alternative installation directory" into udc-qpr-dev	2023-05-05 03:08:06 +00:00
Jay Civelli	ec3e029174	Merge "Add 2 new system properties for Quick Start" into udc-dev am: `5fd77a4e68` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22872879 Change-Id: I4da2eaa71f26a8a632e6749290bf94facb1237c5 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-04 17:13:08 +00:00
Jay Civelli	8212b528ce	Merge "Add 2 new system properties for Quick Start" into udc-dev am: `5fd77a4e68` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22872879 Change-Id: I4ed8cb09feae9b4f3b8990b82296332d2039d8da Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-04 17:08:35 +00:00
Mugdha Lakhani	2d9b9f2b31	Add neverallow rules to protect SDK's private data SDK's data should not be accessible directly by other domains, including system server. Added neverallow to ensure that. Bug: b/279885689 Test: make and boot device Change-Id: If6a6b4d43f297ec2aa27434dd26f6c88d0d8bcf2 Merged-In: If6a6b4d43f297ec2aa27434dd26f6c88d0d8bcf2	2023-05-04 16:38:40 +00:00
Jay Civelli	5fd77a4e68	Merge "Add 2 new system properties for Quick Start" into udc-dev	2023-05-04 16:35:59 +00:00
Peiyong Lin	194abd16cb	Allow graphics_config_writable_prop to be modified. vendor_init needs to set graphics_config_writable_prop, moving it to system_public_prop. Ignore-AOSP-First: Cherry-pick Bug: b/270994705 Test: atest CtsAngleIntegrationHostTestCases Test: m && boot Change-Id: I2f47c1048aad4565cb13d4289b9a018734d18c07 Merged-In: I2f47c1048aad4565cb13d4289b9a018734d18c07	2023-05-04 16:04:44 +00:00
Howard Chen	de62e955e3	Allow gsid to create alternative installation directory Bug: 275484855 Test: adb shell gsi_tool install -n -w \ --gsi-size $(du -b system.raw\|cut -f1) \ --install-dir /data/gsi/oem --userdata-size 8589934592 < system.raw Change-Id: I46aa48fafec2f3845fa1a5139afb8c03db6b0d4e	2023-05-04 13:52:44 +08:00
Jay Civelli	c97b3a244f	Add 2 new system properties for Quick Start Test: Manually validated that GmsCore can access the properties, but not a test app. Ignore-AOSP-First: Change is targeted at Google devices. Change-Id: I2fa520dc31b328738f9a5fd1bcfc6632b61ad912 Bug: 280330984	2023-05-03 04:04:15 +00:00
Kalesh Singh	f11e0af5c6	Merge "16k: Add sepolicy for max page size prop" into udc-dev am: `ad3183676c` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22935830 Change-Id: Ie0232a428d0ecbea5c10de26206bb4f7bc64d3af Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-02 16:45:55 +00:00
Kalesh Singh	ad3183676c	Merge "16k: Add sepolicy for max page size prop" into udc-dev	2023-05-02 16:11:59 +00:00
Jinyoung Jeong	8eaded4bc4	Fix selinux denial for setupwizard_esim_prop am: `e52a8f2a47` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22955599 Change-Id: I5a52a063ffaba2f4063ff2865172e6bc85bafd1f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-02 14:57:35 +00:00
Jinyoung Jeong	e52a8f2a47	Fix selinux denial for setupwizard_esim_prop Bug: 280336861 Test: no denial logs found Ignore-AOSP-First: will merge in AOSP aosp/2573840 Change-Id: Ieedf8343f55f047b3fd33cc1cd2c759400dce2b4	2023-05-02 10:40:07 +00:00
Weilin Xu	c3a887cee6	Merge "Make broadcastradio_service accessible from CTS" into udc-dev am: `07767709c9` Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/22634562 Change-Id: I43c6be19b771098bda3c9b84d96b72b754c4c7aa Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-05-02 10:26:08 +00:00
Weilin Xu	07767709c9	Merge "Make broadcastradio_service accessible from CTS" into udc-dev	2023-05-02 05:05:55 +00:00
Treehugger Robot	f46c87d2d1	Merge "Allow fastbootd set boottime property" into udc-d1-dev	2023-05-02 04:54:37 +00:00
Jayden Kim	5462a6501b	Merge "Add sepolicy for new bluetooth le radio path loss compensation sysprops" into udc-dev	2023-05-02 01:01:14 +00:00
Kalesh Singh	58cefa04ab	16k: Add sepolicy for max page size prop Devices can select their max supported with PRODUCT_MAX_PAGE_SIZE_SUPPORTED. This is exposed as ro.product.cpu.pagesize.max to VTS tests. Add the required sepolicy labels for the new property. Bug: 277360995 Test: atest -c vendor_elf_alignment_test -s <serial> Signed-off-by: Kalesh Singh <kaleshsingh@google.com> (cherry picked from https://android-review.googlesource.com/q/commit:0a66ea359f6751741f8100a9d934ae8d2e53d120) Merged-In: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8 Change-Id: Ibe01e301dbcc3392201dffd3bba845700ee2a5e8	2023-05-01 09:13:39 -07:00
Evgenii Stepanov	f666700fa9	Merge "Relax sepolicy for device_config_runtime_native_*." into udc-dev	2023-04-30 18:29:18 +00:00
Evgenii Stepanov	11ce6894e8	Relax sepolicy for device_config_runtime_native_*. This change allows vendor init scripts to react to the MTE bootloader override device_config. It extends the domain for runtime_native and runtime_native_boot configs from "all apps", which is already very permissive, to "everything". Ignore-AOSP-First: UpsideDownCake/34 does not exist in AOSP Bug: 239832365 Test: none Change-Id: I66aa1492f929f43f937b4ab0780f7753c1f4b92e	2023-04-28 14:37:18 -07:00
Jayden Kim	0e228763e1	Add sepolicy for new bluetooth le radio path loss compensation sysprops Bug: 277676657 Test: make -j; atest BluetoothInstrumentationTests Change-Id: I94f8d9d18b9c4659703edb773dd29870430e40b7 Ignore-AOSP-First: This is a cherry-pick from AOSP	2023-04-28 16:31:09 +00:00
Jinyoung Jeong	fa95e8c591	Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore bug: 279548423 Test: http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed Ignore-AOSP-First: will merge in AOSP aosp/2571810 Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b	2023-04-28 16:25:26 +00:00
Wilson Sung	97af7582a1	Allow fastbootd set boottime property Bug: 264489957 Test: flash and no related avc error Change-Id: Ia9a6d4918aa78e6b3e7df39496d786921192c8af Ignore-AOSP-First: master need the prebuilt upadte Signed-off-by: Wilson Sung <wilsonsung@google.com>	2023-04-28 08:12:50 +00:00
Weilin Xu	85b94c7c49	Make broadcastradio_service accessible from CTS When CTS test app tries to get broadcastradio_service from context, it is considered as untrusted app by sepolicy since broadcastradio_service is not app_api_service. Made it as app_api_service so that CTS for broadcastradio can be ran on devices. Bug: 262191898 Test: atest CtsBroadcastRadioTestCase Ignore-AOSP-First: fix CTS issue Change-Id: I0583f549eb5b781ff23f81b2073baa0390009f9e	2023-04-27 23:40:33 +00:00
Parth Sane	f6f4205d50	Merge "Add SysProp to set the number of threads in Apexd bootstrap" into udc-dev	2023-04-26 12:31:14 +00:00
Parth Sane	daf8bbe7e4	Add SysProp to set the number of threads in Apexd bootstrap Test: Manual. Tested on device Bug: 265019048 Change-Id: I1d559b4398c2e91f50da48dc6d5ccbef63fb9d18 (cherry picked from commit `e8a2001086`) Ignore-AOSP-First: This is a cherry-pick from AOSP	2023-04-25 17:40:39 +00:00
Jeff Vander Stoep	f9a774f1ae	Disallow watch and watch_reads on apk_data_file for apps This can be used as a side channel to observe when an application is launched. Gate this restriction on the application's targetSdkVersion to avoid breaking existing apps. Only apps targeting 34 and above will see the new restriction. Remove duplicate permissions from public/shell.te. Shell is already appdomain, so these permissions are already granted to it. Ignore-AOSP-First: Security fix Bug: 231587164 Test: boot device, install/uninstall apps. Observe no new denials. Test: Run researcher provided PoC. Observe audit messages. Change-Id: Ic7577884e9d994618a38286a42a8047516548782	2023-04-25 15:20:45 +02:00
Alex Buynytskyy	9c6c988bad	UpsideDownCake/34 is now REL Ignore-AOSP-First: UpsideDownCake Finalization Bug: 275409981 Test: build Change-Id: I15bf3817a8a6867d52f7963a04a69e543a9801e9 Merged-In: I15bf3817a8a6867d52f7963a04a69e543a9801e9	2023-04-21 19:36:02 +00:00

1 2 3 4

193 commits